In response to the public outcry over the National Security Agency's surveillance programs, tech companies last week asked United States officials to allow them to be more open about the circumstances under which they give user data to the government. Facebook floated the idea of creating "transparency reports," with lawyer Ted Ullyot saying in a statement "We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive. And look forward to publishing a report that includes that information." Microsoft echoed the sentiment by saying greater transparency "would help the community understand and debate these important issues." And Google "has nothing to hide," said CLO David Drummond. The government apparently heard their cries sometime on Friday evening, when Facebook and Microsoft posted the number of law enforcement and national security-related data requests they received during the second half of last year, including those from the secret court that signs off on Foreign Intelligence Surveillance Act requests, which they were forbidden from acknowledging until now.
Here are Facebook's figures: "For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) — was between 9,000 and 10,000. These requests run the gamut — from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts."
Microsoft, which released the total number of data requests for both criminal and national security matters (with the exception of the classified ones) before, said it received "between 6,000 and 7,000 similar requests, affecting as many as 32,000 accounts." Meanwhile, Google, which has previously published separate law enforcement and national security request tallies categorized by country and type, declined to release its most recent figures until the government allows the company to include FISA requests in its "aggregate numbers of national security requests," instead of the nonspecific counts Facebook and Microsoft put out. "Lumping the two categories together would be a step back for users," said a Google statement. (Twitter legal director Benjamin Lee agrees.)
For now, Facebook and Microsoft's numbers make it impossible to know exactly how many NSA and FISA requests they receive. However, the disclosures do help the companies combat the growing perception that they're just handing over everyone's drunken college photos and inappropriate intra-office chats and e-mails to bored government officials pretty much whenever. And, according to "a person familiar with the matter" who spoke to The Wall Street Journal, "Facebook executives are still pushing government officials to allow them to release more information about classified orders. They are also requesting permission to disclose the total number of users that may have been impacted by these orders." It's a start, though it would be nice if tech companies had pushed harder for openness before Edward Snowden forced online surveillance into the national conversation. Of course, it's easy to see why they didn't.